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AMENDMENTS TO THE CLAIMS: 

Please amend claims 1 and 34 as follows. ; 

This listing of claims will replace all prior versions, and listings, of claims in|the 
application: 

L (currently amended) A data processing apparatus, comprising: 
a processor operable in a plurality of modes and a plurality of domains, said plurality of 
domains comprising a secure domain and a non-secure domain, multiples of ^aid phrality of 
modes being replicated in said secure domain andisaid non-secure domain for; provkjing multiple 
non-secuxe modes comprising modes in the non-secure domain, and multiple 
comprising modes in the secure domain, said processor being operable such tliat whfen executing 
a program in a secure mode said program has access to secure data which is not accessible when 
said processor is operating in a non-secure mode; ; 

a memory operable to store data required by the processor and compris 

memory for storing secure data and non-secure memory for storing non-secu* e data, 

i 

processor being operable to issue a memory access request when access to anj item cf data in the 

i 

memory is required; 

i 

at least one memory management unit, upon receipt of the memory actcess re quest from 

j 

the processor, for performing conversion of a virtual address specified by thej memo ry access 
request to a physical address; 

a first set of tables, each table in the first set containing a number of first descriptors, each 
first descriptor containing at least a virtual address portion and a corresponding intermediate 
address portion; 



sing secure 
the 
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a second set of tables, each table in the second set containing a number of secjond 
descriptors, each second descriptor containing at least an intermediate address portiojn and a 
corresponding physical address portion, the second set of tables being managed by 4 e processor 
when operating in a privileged mode which is not a non-secure mode; 

the at least one memory management unit causing predetermined tables in said 
second set to be referenced to enable the conversion of the virtual address spescified 
memory access request to a physical address, when said memory access request 
non-secure domain, the predetermined table in sai<i first set of tables comprises a 
by the processor when operating in one of said non-secure modes, but the predetermined 
said second set of tables preventing access to physical addresses aed forming [ asaid s 
memory. 



: pert rins 



i table 



2. (original) A data processing apparatus as claimed in Claim 1, wherein 
mode is a monitor mode in which the processor is operable to manage switching 
secure domain and said non-secure domain. 



first and 
>ythe 

to said 
managed 
table in 
ecure 



3, (original) A data processing apparatus as claimed in Claim 1, wherein sai<J privileged 
mode is a privileged secure mode. 



in the privileged 
between said 



4. (previously presented) A data processing apparatus as claimed in Claim 3. 
said multiple non-secure modes the processor is operable under the control of a non 
operating system and in said multiple secure modes the processor is operable! under 
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a secure operating system, the secure operating system being operable to mankge the] second set 
of tables when the processor is operating in the privileged secure mode. 

5. (original) A data processing apparatus as claimed in claim 2, wherein wheji switching 
between the secure domain and the non-secure doinain, the processor is operable in flie monitor 
mode to select the predetermined tables in said first and second sets, dependent on wfhether the 
domain being switched to is the secure domain or the non-secure domain. 

6. (original) A data processing apparatus as claimed in Claim 1, wherein the 
predetermined tables within said first and second sets are selected when the tables ai)e to be 
referenced dependent on whether the processor is operating in a secure mode or a nonsecure 
mode at the time the memory access request is issued. 

7. (original) A data processing apparatus as claimed in Claim 1 , wherein the k least one 
memory management unit comprises a first memory management unit and a second [memory 
management unit. 



8. (original) A data processing apparatus as claimed in Claim 7, wherein the 



first set are associated with the first memory management unit and the tables 
are associated with the second memory management unit. 



9. (original) A data processing apparatus as claimed in Claim 7, 
memory management unit needs to access a first descriptor within a 



predetermined 



tables in the 
in the s econd set 



wherein if tlie first 

able of said 
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first set, it issues a table lookup request specifying an intermediate address for that first 



P. 06 



descriptor, the second memory management unit being operable to receive the table 



request and determine the physical address corresponding to that intermediate 1 address. 



1 0. (original) A data processing apparatus as claimed in Claim 9, 
memory management unit is then operable to cause the first descriptor at 
be retrieved and returned to the first memory management unit. 



11. (original) A data processing apparatus as claimed in Claim 7, wherein the 
memory management unit comprises a first internal storage unit for storing first descriptors 
retrieved from the predetermined table of the first set, and used by the first memory 

i 

unit to derive access control information used to perform the conversion of thje virtual 
into a corresponding intermediate address. 



wherein thq second 
thatpphysiclal address to 



12. (original) A data processing apparatus as claimed in Claim 1 1 , whprein 
internal storage unit is a first translation lookaside buffer (TLB) operable to store 
descriptors retrieved from the predetermined table of the first set. 



ookup 



first 



management 
address 



the 



thn 



management 



13. (original) A data processing apparatus as claimed in claim 12, wherein tHe first TLB 
is a first main TLB for storing the first descriptors retrieved by the first memory 
unit from the predetermined table of the first set, rind the internal storage further comprises a 
micro-TLB for storing the access control infonnafton derived from the first djescript|>rs, the 
access control information comprising conversions between a number of virtual address portions 
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and corresponding intermediate address portions, and the access control information being 
transferred from the first main TLB to the micro-TLB prior to use of that access control 
information by the first memory management unit; 



desc ripto 



14. (original) A data processing apparatus as claimed in Claim 7, wherein the 
memory management unit comprises a first internal storage unit for storing new 
derived from corresponding first and second descriptors retrieved from the predeteroto 
of the first and second sets, and used by the first memory management unit to 
control information used to perform the conversion of the virtual address into 
physical address. 



derive 

a corresponding 



15. (original) A data processing apparatus as claimed in Claim 14, wherein tfte first 

internal storage unit is a first translation lookaside>uffer (TLB) operable to siprc th^ new 

I 

descriptors derived from corresponding first and second descriptors. j 



the 



16. (original) A data processing apparatus as claimed in claim 15, wherein 
is a first main TLB for storing the new descriptors; derived from correspondinlg first 
descriptors, and the internal storage unit further comprises a micro-TLB for s toring 

control information, the access control information comprising conversions betweer 

i 

virtual address portions and corresponding physical address portions, and thej access 
information being transferred from the first main TLB to the micro-TLB prior to us| 
access control information by the first memory management unit. 



first 
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access 



first TLB 
md second 
1 he access 
a number of 
control 
of thai 
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17. (original) A data processing apparatus as claimed in Claim 7, wherein thq second 
memory management unit comprises a second internal storage unit for storing seconp descriptors 
retrieved from the predetermined table of the second set, and used by the second memory 
management unit to derive access control information used to perform the conversion of the 
intermediate address into a corresponding physical address. 



18. (original) A data processing apparatus as claimed in Claim 17, wherein 
internal storage unit is a second translation lookaside buffer (TLB) operable ti> store 
descriptors retrieved from the predetermined table of the second set. 



storage 



1 9. (original) A data processing apparatus as claimed in claim 1 8, wherein 
TLB is a second main TLB for storing the second descriptors retrieved by the] second 
management unit from the predetermined table of the second set, and the internal 
comprises a micro-TLB for storing the access control information derived from the 
descriptors, the access control information comprising conversions between 4 number 
intermediate address portions and corresponding physical address portions, and the 
control information being transferred from the second main TLB to the micro-TLB 
of that access control information by the second memory management unit 



the 



the 



20. (original) A data processing apparatus as claimed in Claim 18, wherein 
internal storage unit is a first translation lookaside buffer (TLB) operable to store 
descriptors retrieved from the predetermined table of the first set, and whereii the 
second sets of tables each comprise at least a secure table and a non-secure t^ble, th 
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second TLBs comprising a flag associated with each descriptor stored therein 
that descriptor is derived from said non-secure table or said secure table. 



to ider itify whether 



the 



to identify 



21. (original) A data processing apparatus as claimed in Claim 19, wherein 
second sets of tables each comprise at least a secure table and a non-secure ta >le, the 
second TLBs comprising a flag associated with each descriptor stored therein 
that descriptor is derived from said non-secure table or said secure table, and whereih 
TLB of both the first and second memory management units is flushed whenever the 
operation of the processor changes between a secure mode and a non-secure node, 
mode access control information only being transferred to the micro-TLB from a 
the associated first or second main TLB that said associated flag indicates is from 
table, and in the non-secure mode access control information only being transferred 
TLB from a descriptor in the associated first or second main TLB that said associate^ 
indicates is from the non-secure table. 



descriptor 



tths 



22. (original) A data processing apparatus -as claimed Claim 1, wherein the at least one 



memory management unit comprises a single memory management unit, and 
operable to execute table merging code to reference the predetermined tables !of the 
second sets in order to produce from a first descriptor and an associated second 
descriptor associating a virtual address portion with a corresponding physical addreis portion, 



first and 
first and 

whether 
the micro- 
mode of 
the secure 
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secure 
to the micro- 
flag 



the processor is 
3rst and 
descriptor a new 



-8!- 

PAGE 9/18 * RCVD AT 511712006 12:40:08 PM [Eastern Daylight Time] * SVR:USPT0-EFXRF-1/12 * DNiS:2738300 * CSID:703 816 4100 ' DURATION (mm-ss):06-38 



>J I XON & VANDERHYE PC Eax: 703-81 6-41 00 

MANSELL et al 
Appl.No. 10/713,454 
May 17, 2006 



lay 1? 2006 12:43 



P. 10 



I 



23. (original) A data processing apparatus as claimed in Claim 22, whpein tqe table 

merging code is operable to retrieve the first descriptor after referencing tbe predetermined table 

i 

in the second set to obtain the physical address of the first descriptor. j 

i 

i 

i 

24, (original) A data processing apparatus as claimed in Claim 23, wherein the table 

merging code is operable to use the first descriptor to determine the intermediate adc ress 

i 

corresponding to the virtual address specified by the memory access request, and to 1 hen 

reference the predetermined table in the second set to obtain the second descriptor pioviding a 

i 

physical address for that intermediate address, whereafter the table merging c|>de is operable to 
merge the first and second descriptors to produce the new descriptor. j 



25. (original) A data processing apparatus as claimed in Claim 22, wherein 
memory management unit comprises an internal storage unit for storing the new 
produced by the table merging code, and used by the single memory management 
access control information used to perform the conversion of the virtual address into 
corresponding physical address. 



26. (original) A data processing apparatus ;as claimed in Claim 25, wherein 
* ' i 

is operable to execute the table merging code when the access control information 

determine the physical address for the memory access request is not fonnd injthe i 

unit 



the; 



single 
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unit 
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27. (original) A data processing apparatus ks claimed in Claim 25, wherein flje internal 
storage unit is a translation lookaside buffer (TLB) operable to store the new descriptors 
produced by the table merging code. 



28. (original) A data processing apparatus as claimed in claim 27, wherein the 
main TLB for storing the new descriptors obtained by the single memory management 
the table merging code, and the internal storage further comprises a micro-TLB for 
access control information derived from the new descriptors, the access control infoifmation 
comprising conversions between a number of virtual address portions and 
physical address portions, and the access control information being transferred from 
TLB to the micro-TLB prior to use of that access control information by the single 
management unit 



TLB is a 
unit from 
storing the 



corresponiing 



the main 



memory 



29. (original) A data processing apparatus as claimed in Claim 27, wherein 
second sets of tables each comprise at least a secure table and a non-secure table, th«> 
comprising a flag associated with each new descriptor stored therein to identity whether 
descriptor is derived from said non-secure tables or said secure tables. 



30. (original) A data processing apparatus as claimed in Claim 28, wherein 
second sets of tables each comprise at least a secure table and a non-secure table, th£ 
comprising a flag associated with each new descriptor stored therein to identify 
descriptor is derived from said non-secure tables or said secure tables, and wherein 
TLB of the single memory management unit is flushed whenever the mode 



of operation 



the 



first and 
TLB 

that new 



tiei 



first and 
TLB 
whdther that new 
he micxo- 
ofthe 
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processor changes between a secure mode and a non-secure mode, in the secure mode 
control information only being transferred to the micro-TLB from a new descriptor 
TLB that said associated flag indicates is derived from secure tables, and in Hie non- 
access control information only being transferred to the micro-TLB from a nejw descjript* 
main TLB that said associated flag indicates is derived from non-secure tables 



P. 12 



access 
the main 
secure mode 
rotor in the 



31 . (original) A data processing apparatus as claimed in Claim 22, wherein i 
mode is a monitor mode in which the processor is operable to manage switching 4 
secure domain and said non-secure domain, and wherein the table merging cojde is 
the processor when operating in the monitor mode. 



the 



privileged 
said 
executed by 



between i 



32. (original) A data processing apparatus as claimed in Claim 1, wherein said first and 
second sets of tables comprise page tables. 

i 

! 

| 
} 

33. (original) A data processing apparatus as claimed in Claim 1, wherein th<; first set of 
tables and the second set of tables are stored within said memory, 



in a data 



and 



34. (currently amended) A method of controlling access to a memory 
apparatus, the data processing apparatus comprising a processor operable in a plurality 
and a plurality of domains, said plurality of domains comprising a secure domain 
secure domain, multiples of said plurality of modes being replicated in said 
said non-secure domain for providing multiple non-secure modes comprising mode^ 
secure domain, and multiple secure modes comprising modes in the secure domain, 



processing 
of modes 



a non- 
domain and 
in the non- 
said 
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processor being operable such that when executing a program in a secure mode said 



program has 
in a nc n-secure 
and compr sing secure 
the method 



address 



access to secure data which is not accessible when said processor is operating 
mode, the memory being operable to store data required by the processor 
memory for storing secure data and non-secure memory for storing non-securp data, 
comprising the steps of: 

providing a first set of tables, each table in the first set containing a number 
descriptors, each first descriptor containing at least a virtual address portion and a 
intermediate address portion; 

providing a second set of tables, each table, in the second set containing a 
second descriptors, each second descriptor containing at least an intermediate 
and a corresponding physical address portion, the second set of tables being njianagefl 

i 
i 

processor when operating in a privileged mode which is not a non-secure mode; 

issuing fiom the processor a memory access request when access to an item 
memory is required; and 

performing conversion of a virtual address specified by the memory atcess 
physical address with reference to predetermined tables in said first and second set, 
memory access request pertains to said non-secure domain, the predetermined table 
set of tables comprises a table managed by the processor when operating in one 
secure modes, but the predetermined table in said second set of tables preventing 
physical addresses and-fonning asaid secure memory. 



cf first 
corresponding 



nuqiber of 
portion 
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35. (original) A method as claimed in Claim 34, wherein the privileged mod^ is a monitor 
mode in which the processor is operable to manage switching between said secure domain and 
said non-secure domain. 

36. (original) A method as claimed in Claim 34, wherein said privileged mod|e is a 
privileged secure mode. 

37. (previously presented) A method as claimed in Claim 36, wherein in said multiple 
non-secure modes the processor is operable under the control of a non-secure operating system 
and in said multiple secure modes the processor is operable under the control jof a sefcure 
operating system, the secure operating system being operable to manage the second $et of tables 
when the processor is operating in the privileged secure mode. 



38- (original) A method as claimed in claim 35, wherein when switching 
secure domain and the non-secure domain, the processor is operable in the monitor 
select the predetermined tables in said first and second sets, dependent on whether 
being switched to is the secure domain or the non-secure domain. 



predeteniined tables within 
on whether 



39. (original) A method as claimed in claim 34, wherein the 
said first and second sets are selected when the tables are to be referenced dependenf 
the processor is operating in a secure mode or a non-secure mode at the time the mefnory access 
request is issued. 



between 
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40. (original) A method as claimed in claim 34, wherein said step of performing 
conversion of a virtual address to a physical address is performed by at least pne of 4 first 
memory management unit and a second memory management unit. 

41 . (original) A method as claimed in Claim 40, wherein if the first memory Management 
unit needs to access a first descriptor within a predetermined table of said first set, th|e method 
further comprises the steps of: 

issuing from the first memory management unit a table lookup request specifying an 
intennediate address for that first descriptor; and 

receiving the table lookup request at the second memory management unit arid 
determining the physical address corresponding to that intermediate address. 



42. (original) A method as claimed in Claim 41, further comprising the step of: 
causing the first descriptor at that physical address to be retrieved and 
memory management unit 



43. (original) A method as claimed in Claim 42, further comprising thje steps 



causing a second descriptor within a predetermined table of said second set 
retrieved; and 

merging the first descriptor and second descriptor in order to produce a ne* 
for storing in the first memory management unit, the new descriptor containing at 
address portion and a corresponding physical address portion. 
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44, (original) A method as claimed in claim 34, wherein the data processing apparatus 
comprises a single memory management unit, and the method comprises the 

executing table merging code to reference the predetermined tables of the 
second sets in order to produce from a first descriptor and an associated second descjipto] 
descriptor associating a virtual address portion with a corresponding physical 



step of: 



firs it 



addres 5 



45. (original) A method as claimed in Claim 44, wherein the table merging c<|)de is 
operable to perform the steps of: 

referencing the predetermined table in the second set to obtain the ph>jsical address of the 
first descriptor, and 

retrieving the first descriptor, 

46. (original) A method as claimed in Claim 45, wherein the table merging cpde is further 
operable to perform the steps of: 

using the first descriptor to determine the intermediate address corresponding to the 
virtual address specified by the memory access request; 

referencing the predetermined table in the second set to obtain the secpnd descriptor 
providing a physical address for that intermediate address; and 

merging the first and second descriptors to produce the new descriptor 



47. (original) A method as claimed in claim 44, wherein the single memory 
unit comprises an internal storage unit for storing access control i 
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new descriptor produced by the table merging code, and used by the siogle memory management 
unit to perform the conversion of the virtual address into a corresponding physical address. 



48. (original) A method as claimed in Claim 47, wherein the processor 
execute the table merging code when the access control information required 
physical address for the memory access request is not found in the internal 



is oj 
fa 

;euhit 



storagi 



49. (original) A method as claimed in claim 44, wherein the privileged mode 
mode in which the processor is operable to manage switching between said secure domain 
said non-secure domain, and wherein the table merging code is executed by tljie 
operating in the monitor mode. 



50. (original) A computer program providing table merging code and 
configure a processor of a data processing apparatus to perform the method o; 



51 . (original) A computer program product carrying a computer progrjam as Claimed in 
Claim 50. 
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